Changelog
exim4 (4.92-8+deb10u5) buster; urgency=medium
  * Fix use of concurrent TLS connections under GnuTLS:
    80_01-GnuTLS-fix-hanging-callout-connections.patch
    80_02-GnuTLS-tls_write-wait-after-uncorking-the-session.patch
    80_03-GnuTLS-Do-not-care-about-corked-data-when-uncorking.patch
    (Thanks, Heiko Schlittermann for the backport)
  * Pull 82_TLS-use-RFC-6125-rules-for-certifucate-name-checks-w.patch from
    upstream git (already included in 4.94): on TLS connections to a CNAME,
    verify the certificate against the original CNAME instead of against
    the A record. Closes: #985243
  * In README.Debian explicitly document the limitation/extent of server
    certificate checking (authenticity not enforced) in the default
    configuration (Thanks, Jö Fahlke). This Closes: #985244 (improved
    documentation) and Closes: #985344 (Yes, without required cert
    checking MitM attacks are possible, but for a stable update documenting
    this is the best compromise.)
 -- Andreas Metzler <email address hidden>  Thu, 18 Mar 2021 09:10:15 +0100